Most of the best InfoSec professionals I know don’t have a related degree

There have been several people and media outlets commenting that the CISO of Equifax has a music degree.

Infosec is an industry that in my experience is led mostly by smart people who are obsessed with infosec, are self-taught, and transitioned to experience.

I’m personally self-taught. I was given the title of global security expert by Canada’s biggest company, and privacy expert & international trainer for the International Association of Privacy Professionals (IAPP).

On a slightly more serious note, I remember a first meeting a technical mentor, Marcus, when he mentioned that if I like infosec so passionately, I likely also enjoy amateur (ham) radio, photography, model rocketry, lock picking etc. People in InfoSec often have deep and creative hobbies, and many of them. So having a passion for music also makes a lot of sense, and does not devalue the individual’s competence in terms of information security capabilities, as least on its own.

Equifax surely made some epic mistakes, which should actually impact credit reporting moving forward as industry fraud level is too high now to trust any of the data points used by Equifax. But let’s not make it unnecessarily personal when the individuals degree doesn’t have any relevance.